Windows Domain Credentials Phishing Tool

While performing a Pen test for a client i needed to catch a domain user name and password, there are several ways to gain users passwords and it really depends on a lot of factors on how to get it in my case i didn’t had time to wait for the user to enter his credentials and get it using a key...

Microsoft ASP.NET POST Request Denial of Service (MS14-009; CVE-2014-0253)

A denial of service vulnerability exists in Microsoft ASP.NET. The vulnerability is caused when the .NET Framework improperly identifies stale or closed HTTP client connections. A remote attacker can trigger this flaw by sending a small number of specially crafted requests to an affected server...

Microsoft .NET Framework Unsupported

According to its self-reported version number, there is at least one version of Microsoft .NET Framework installed on the remote Windows host that is no longer supported. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely...

Microsoft .NET Framework ASLR安全限制绕过漏洞(CVE-2014-0295)(MS14-009)

BUGTRAQ ID: 65418 CVECAN ID: CVE-2014-0295 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft.NET Framework没有正确实现地址空间布局随机化，存在安全限制绕过漏洞。此漏洞可使攻击者绕过ASLR安全功能，然后即可加载恶意代码，利用其它漏洞。 0 Microsoft .NET Framework 4.x...

CVE-2014-0295

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...

CVE-2014-0253

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or 2 clos...

Design/Logic Flaw

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

Design/Logic Flaw

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...

Cross site request forgery (csrf)

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or 2 clos...

CVE-2014-0253

Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine TCP connection states, which allows remote attackers to cause a denial of service ASP.NET daemon hang via crafted HTTP requests that trigger persistent resource consumption for a 1 stale or 2 clos...

CVE-2014-0295

CVE-2014-0295 affects Microsoft .NET Framework 2.0 SP2 and 3.5.1 due to VsaVb7rt.dll not implementing ASLR, enabling remote code execution via a crafted website. Public sources note exploitation in the wild (Feb 2014). Kaspersky and OpenVAS entries corroborate that ASLR bypass is the core issue i...

CVE-2014-0295

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...

CVE-2014-0257

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via 1 a crafted web site or 2 a crafted .NET Framework application that exposes a COM serve...

CVE-2014-0257

CVE-2014-0257 affects multiple .NET Framework versions (1.0 SP3 to 4.5.1). The issue is a type-traversal flaw in the .NET COM interop path: the _Object.GetType method can return a COM _Type object that lets an attacker reach .NET reflection APIs and ultimately execute code (e.g., via Process.Star...

CVE-2014-0253

CVE-2014-0253 affects multiple .NET Framework versions (1.1 SP1, 2.0 SP2, 3.5/3.5.1, 4, 4.5, 4.5.1). The issue is improper handling of TCP connection states, allowing a remote attacker to cause a denial of service by sending crafted HTTP requests that trigger persistent resource consumption, resu...

Microsoft .NET Framework 远程权利提升漏洞(CVE-2014-0257)(MS14-009)

BUGTRAQ ID: 65417 CVECAN ID: CVE-2014-0257 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft.NET Framework内存在权限提升漏洞，可使攻击者提升其在受影响系统上的权限。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft...

VulnCheck KEV: CVE-2014-0295

VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in February 2014, aka "VSAVB7RT ASLR Vulnerability."...

Microsoft .NET Framework 远程拒绝服务漏洞(CVE-2014-0253)(MS14-009)

BUGTRAQ ID: 65415 CVECAN ID: CVE-2014-0253 .NET就是微软的用来实现XML，Web Services，SOA（面向服务的体系结构service-oriented architecture）和敏捷性的技术。.NET Framework是微软开发的软件框架，主要运行在Microsoft Windows上。 Microsoft ASP.NET中存在拒绝服务漏洞，可使攻击者造成ASP.NET服务器不响应。 0 Microsoft .NET Framework 4.x Microsoft .NET Framework 3.x Microsoft .NET...

Microsoft .NET Framework Multiple Vulnerabilities (2916607)

This host is missing an important security update according to Microsoft Bulletin MS14-009. OpenVAS Vulnerability Test $Id: secpodms14-009.nasl 7582 2017-10-26 11:56:51Z cfischer $ Microsoft .NET Framework Multiple Vulnerabilities 2916607 Authors: Thanga Prakash S Copyright: Copyright C 2014...

MS14-009: Vulnerabilities in .NET Framework Could Allow Privilege Escalation (2916607)

The remote Windows host is running a version of the Microsoft .NET Framework that is affected by multiple vulnerabilities : - An error exists related to handling stale or closed HTTP client connections that can allow denial of service attacks. CVE-2014-0253 - An error exists related to decisions...